[Koha-bugs] [Bug 3652] XSS vulnerabilities
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon Oct 15 18:04:58 CEST 2012
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3652
--- Comment #32 from Jared Camins-Esakov <jcamins at cpbibliography.com> ---
Created attachment 12823
-->
http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=12823&action=edit
Bug 3652: close XSS vulnerabilities in opac-export
The opac-export.pl script had a number of XSS vulnerabilities relating
to its error handling.
To test:
1) Go to /cgi-bin/koha/opac-export.pl?op=export&bib=2&format=<h2>evil</h2>
(substituting a valid biblionumber for the '2')
2) Notice that "evil" is rendered as an h2 heading.
3) Apply patch.
4) Notice that you now see the h2 tags, and they are not rendered by
the browser.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list